Activating two-step verification in the Google account settings is an easy way to make Google login much more secure. When two-step verification is active, Google sends an SMS with a verification code when you log in. Some computers can be marked as trusted so that Google does not ask for the verification code on those machines.

If you use the Gmail exchange server to synchronize your mobile phone contacts, agenda or email, you will need to generate app-specific passwords and configure your phone with them. This is a one-time process.

There are several horror stories about hacked Gmail accounts, like this one: http://www.theatlantic.com/magazine/archive/2011/11/hacked/8673/

Here is a nice tutorial on how to activate two-step verification: http://www.codinghorror.com/blog/2012/04/make-your-email-hacker-proof.html